ZyWall 10 Internet Security
Gateway link
Review Type: Hands On
Reviewer: Chris Kaminski
Date: Feb 13, 2001
 The ZyWall 10
is one of the first in a series of Cable/DSL routers /
firewalls that we will be seeing this year. As security awareness
on the internet builds, consumer are demanding better security for their home
networks – security that goes beyond simple NAT addressing security.
The ZyWall 10 appears to be in a good spot to fill this
need.
|
Security Note |
ZyNOS ZyWall Network
Operating System passed the ICSA.NET firewall certification - link
| ZyXEL
has been in the firewall and security business for quite some time. They
built a networking operating system, called ZyNOS, that has been the core
of their previous firewall products. ZyXEL has built this product, the
ZyWall10 around their newest release of ZyNOS, ver 3.20.
This new version features a web interface and a
setup wizard making it perfect for home network users wanting
more security without the huge learning curve real firewalls have demanded in the
past.
What the ZyWall 10 can
do for you
Connection Sharing
Like other broadband routers,
the ZyWall 10 implements NAT. This allows multiple computers on your private
LAN to access the internet through a single IP address.
The ZyWALL 10 also implements other kinds of NAT for some real unique
configurations.
Firewall
The ZyWall 10 is “pre-configured to automatically detect
and thwart Denial of Service (DoS) attacks such as Ping of
Death, SYN Flood, LAND attack, IP Spoofing, etc. It also uses stateful packet inspection to
determine if an inbound connection is allowed through the firewall to
the private LAN”. This keeps hackers out of your system, AND it
keeps them from denying you access to the internet with
DoS attacks. Additionally, the ZyWall 10 actually lets you configure your TCP and UDP
timeouts. Attack Alert Logs
If someone IS attacking your
network, the ZyWall 10 can be configure to let you know about
it. Not only will it e-mail you an attack log
on a schedule, you can have it e-mail you immediately on certain attack
occurrences. Blocking and Content
Filtering
Using
the web interface, the ZyWall 10 can be configured to
deny access to certain domains. It can also block cookies, ActiveX objects, and
JAVA!
Installing the ZyWall 10
Since the ZyWall 10 does not include a switch for your lan, you will
need an external one. Just string a Cat5 between the uplink
cable of your switch and the ZyWall lan port. If your hub/switch
does not have an uplink port, the ZyWall has a
handy switch on the back to turn it’s LAN port into an uplink
port.
The ZyWall 10 defaults to an IP
address of 192.168.1.1 subnet 255.255.255.0.
You will have to set one of your computers to an IP address in that
range – like 192.168.1.2 subnet 255.255.255.0. Once that is done, simply
open your web browser and point to http://192.168.1.1 . The ZyWall will
ask you for a user ID and password (admin,1234) and
will then display your main menu. I would suggest running through the ‘Wizard
Setup’.
Next, click the LAN button at
the left of the screen. The wizard only asked for your primary
DNS server, so you will have to type the secondary
one in on this screen. Also make sure that your DHCP server is
enabled. ZyWall 10 Security
Test
We ran the ZyWall 10 through a
couple of intense secuity tests on the internet. It passed them both
with flying colors. A perfect score was obtained from
HackerWhacker and Shield Probe at DSL Reports reported a -1 (0 is
perfect). Click HERE
to see the Shield Probe results. A
couple things that could use some
help
-
The
firewall
e-mail alert system does not allow e-mail to be sent through a
secure e-mail server. Most of my e-mail servers require authentication
to send e-mail and I am sure the entire industry is trending that
way.
-
The ZyWall's
date defaults to 1/1/2000. If you do not set
the date/time, all of your firewall logs will be stamped with
the incorrect date. Unfortunately, you can not set the date/time through
the web interface. You must telnet to the device and change it
under the maintenance menu. The date/time setting should be in
the web interface or better yet, get the time and date from the
internet!
Summary
In summary, the ZyWall 10 is a
serious Firewall. The new web interface on ZyNOS makes the setup a snap.
You get a professional level firewall with stateful packet inspection
without having to be a network specialist. If a NAT router isn’t good
enough for you, try the ZyWall 10.
This article was republished by ZyXEL here | 
ZyWall 10
Menu:
from ZyXEL 
